The purpose of this topic is to describe some of the potential security risks you may face when browsing the Internet, and to recommend ways to minimise the threats they pose to you.

You will notice I say minimise, I do not say eliminate. Sadly the number of potential threats to your computer increases every day, and the methods used to breach your security and exploit your computer get ever more sophisticated.

It is impossible to be 100% safe when online; however, by following the guidelines described in this topic, you can greatly reduce your chances of contracting an infection.

How do I find the information I need?

This topic is divided into a number of posts, each of which will deal with a particular subject. The subjects are listed below. Clicking on any of the links will take you to the related post.

Types of threat - a description of some of the more common security threats and how to minimise their threat to you.

Before I start describing the various types of online threat, I think it is important to understand why these threats exist.

Traditionally, malware creation was restricted to a few technically gifted but "mischievous" individuals who wanted to have "fun" at the expense of others. From there it progressed to being the province of unethical advertisers who installed programs on their unwitting victims' computers to pop up advertisements for which the advertiser got per-click revenue. From there things have moved on again.

Most modern malware is the creation of professional criminals who wish to make money from you.

There are a number of ways in which they can do this ....

Theft - if you take part in online banking, or use your computer for buying things online, your banking and credit card account details can be stolen and used.

Identity theft - as well as theft of your banking and credit details, any personal details on your computer can be used to allow someone to assume your identity, setting up accounts and making purchases in your name.

Advertising revenue - click through payments are still a valuable source of income to the unethical, and many infections use pop-ups and search re-direction to maximise the attacker's click through payments.

Using your computer to distribute spam or porn - the free space on your hard drive is a valuable resource to the distributors of spam and porn, who are more than happy to use your computer as a host server for their wares.

Selling your information and data to others - by making you part of a botnet, your attacker can sell you as an "asset" to other criminals, so that they can exploit your computer as well. There is an active market for botnets, which are sold or rented out by botherders to those who have a "use" for one.

So what types of threats are there and how should you handle them?

Below are some of the most common ways to pick up an infection ....

P2P file sharing - by far the greatest number of people who visit this forum for help with an infection are people who use P2P (peer to peer) file sharing programs. By using P2P you are massively increasing your chances of getting your computer infected.

We always require people seeking help here to remove any P2P programs before we will help them, since by keeping them you are practically guaranteed to get infected again.

The threats to your computer from P2P are threefold ....

Many P2P programs come with spyware functionality pre-installed.

You are downloading from unknown sources. Most malware writers specifically target P2P distribution, offering "free" or "cracked" goodies as bait to entice you to download their creations.

Unless properly configured, users of P2P programs are usually giving access to a great deal more of their computer than they may realise. Most people do not configure the programs properly.

As you can see, even if you use one of the "clean" P2P programs, you are still at high risk of contracting an infection.

Infected e-mails - are one of the oldest ways of distributing malware, yet it's amazing how many people still get infected by opening them.

Quite simply, if you get an e-mail from someone you don't know, then delete it. Don't open it to see what they want; if you didn't contact them, then there's no good reason why they should want to contact you.

Infected e-mails may however also come to you from someone you know. If someone you know has contracted a computer infection, then the first thing the infection will do is contact everyone in his or her address book and send them an e-mail containing a copy of the infection.

These usually come in one of two ways.

As an attachment. Never open e-mail attachments, no matter who they come from, until you have contacted the person who supposedly sent it, and confirmed with them that they have sent you an attachment.

As embedded HTML/JavaScript code. The safest setting is to have your e-mail client set to view incoming e-mails as text only; that way any malicious HTML code cannot execute. Of course this means you don't get all the pretty formatting that HTML provides, but it does mean that you cannot be exploited by hidden HTML/JavaScript code.

Clicking on Pop-ups - it is surprising how many people get infected by the simple act of clicking OK on a pop-up Window. If you're not 100% sure that the source of the pop-up is from a source that you trust, then do not click on it.

Two of the favourite ways to entice you to click on the pop-up are ....

The pop-up will resemble a "standard" Windows or Anti-Virus notification window, tell you your computer is infected and ask you to click to fix it. Some of these pop-ups are an almost perfect facsimile of the genuine thing and are very believable.

The pop-up will tell you that you need to download a special codec to view some particular media. Very few websites require anything other than the standard codecs supplied with Windows for you to view their contents. By clicking on one of these pop-ups, instead of downloading and installing a codec, it's much more likely you'll be downloading and installing malware.

Do not attempt to close the pop-up windows by clicking on the X in the top right corner of the window as usual, since this may also activate the malware installation. Instead hit Ctrl+F4 to close your browser. If this does not work you may need to shut down Windows to kill the pop-up window.

Downloading Freebies - is another of the most popular ways to contract an infection, whether using P2P (the most popular option) or the more conventional download methods.

If something seems too good to be true, it is. Malware writers love to bait the trap by offering "free" versions of popular pay-for programs, videos, music etc. You may or may not get the products you're hoping for, but they certainly won't be free, because they'll almost certainly either be replaced with or accompanied by a package of malware.

Phishing - is a relatively new method of exploiting people online, where the attacker tries to convince them to part with important information, such as site passwords, bank account details, or credit card details, by pretending to be some legitimate person or organisation.

The initial approach is usually (but not always) by e-mail. The attacker will purport to be from your bank (or some such body), spin you some plausible story and ask you to confirm your account details. They will supply a link in the e-mail to what looks like a legitimate website, where you will be requested to enter your account number and password and/or other personal information.

The site is of course just a very clever copy of your actual bank's website, and you have now given your attacker all the information he needs to empty your actual bank account, and/or to set up false bank and credit accounts using your name.

Some of the cruder phishing scams are easily spotted by their unusual phraseology and poor English grammar. However many are very, very plausible. Just remember this ....

No bank, credit card company, financial institution or reputable business will EVER contact you in this way, asking for this kind of information.

Bad or Infected Websites - some websites are just bad news (porn sites, warez sites, etc.) and are set up to entice the unwary. Just visiting them, without even clicking on anything once you're there, can be enough for you to contract an infection. The simplest way to avoid infection is to avoid visiting those types of site.

The more insidious problem is when a legitimate website is host to a "poisoned" link. Unless a website is properly secured and administered it is a relatively simple task for an unscrupulous person to hack the site and replace legitimate links with ones that serve an entirely different purpose. Clicking on such a link will either take you to a website you did not intend to visit, or cause you to install software you did not intend to install, sometimes both.

The two attacks described above are known as "drive by" infections, and are one of the more difficult problems to avoid, since potentially any website could be compromised. One way round them is to disable scripting in your browser, but that can mean a great many legit web applications will fail to display when you browse the internet.

Users of Firefox can install an extension called NoScript which enables script permissions to be "allowed" on a site by site basis. This can reduce (but not eliminate) your chances of contracting a drive by infection, since only the sites you have "allowed" can run scripts on your computer.

Many people are under the delusion that it is possible for them to secure their computer against all attacks, and that they can therefore safely behave as they wish when they are online, clicking on anything they want, and visiting any sites they wish, secure in the knowledge that they have a firewall and an anti-virus program that will save them from all ills.

Sorry to disillusion you, but that is not, nor will it ever be, true.

The purpose of installing protective programs on your computer is to minimise the number of online threats you will be subject to, and they generally do a very good job as long as you appreciate their limitations.

I think it might be helpful at this point to give a simplified overview of how your defensive systems work so you can understand what some of these limitations are ....

Quote:

The average home computer has approximately 64,000 ports through which it can communicate. By default these ports are open and can be used by any program which cares to access them, either from within the computer or from without. If you were to go online with a computer in this condition you would quickly be attacked and your computer would be infected.

To prevent this you install a Firewall. A firewall will close all open ports and you then open the ones you need by setting "rules" for them according to the instructions supplied with the Firewall program. Usually you will have ports open for your Internet Browser, your e-mail client, and the update functions for various programs.

These "open" ports will not be fully accessible, in that they will only allow a communication if it was instigated from within your computer. Any unsolicited communications from outside are blocked.

However if you are tricked into starting the communication, then as far as your Firewall is concerned it is a legit transaction and it will open the port. So by clicking on malicious links, replying to unsolicited e-mails and attachments, and downloading from unsafe sources, you are effectively bypassing any protection your Firewall supplies.

At this point your Anti-Spyware and Anti-Virus programs take over. The real-time protection in these programs constantly scans the data stream in your open ports, looking for things that match items in the database they carry within them. If they find something then they will alert you, or quarantine it, or delete it, according to the rules set within the program.

However as you can see, if the database does not contain details of the infection that's attacking you, then your Anti-Virus or Anti-Spyware programs will not protect you. There are new infections (or new variations of old infections) created every day, which is why it's vital to keep your programs up to date. Even with a fully updated database though, you are still playing catchup, which is why your Firewall, Anti-Virus and Anti-Spyware programs cannot ever give you 100% protection.

Adding more and more programs will not give you more and more protection; it's up to you to take some responsibility for your online actions, and modify them to give your programs the best chance of protecting you.

Please read the section .... Types of threat .... to see how you can modify your online browsing habits to give yourself a better chance of not contracting an infection.
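The two layers described above, as a small simulation added here for illustration (not code from the original post): a stateful firewall that admits inbound traffic only for connections the computer itself started, and a scanner that recognises only payloads already in its definitions. All hosts, payloads and signatures are constructed; the 203.0.113.5 address is a documentation range standing in for a malicious site.

```python
# Toy model, constructed for illustration (not code from the original post), of the two
# layers described above: a stateful firewall admitting inbound traffic only for
# connections this computer started, and a scanner that knows only payloads in its definitions.
import hashlib
from dataclasses import dataclass, field

@dataclass
class Packet:
    src: str
    dst: str
    direction: str          # "out" = sent from this computer, "in" = from outside
    payload: bytes = b""

@dataclass
class StatefulFirewall:
    established: set = field(default_factory=set)   # hosts we opened a connection to

    def admit(self, pkt: Packet) -> bool:
        """Return True if the packet is let through."""
        if pkt.direction == "out":
            # Anything started from inside is treated as legitimate and the return
            # path is opened for it - that includes a click on a malicious link.
            self.established.add(pkt.dst)
            return True
        # Unsolicited inbound traffic is blocked; replies to our own connections pass.
        return pkt.src in self.established

def signature(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

class SignatureScanner:
    """Real-time protection: compares payload hashes with the definitions database."""
    def __init__(self, definitions):
        self.definitions = set(definitions)

    def scan(self, payload: bytes) -> str:
        return "quarantined" if signature(payload) in self.definitions else "clean"

def deliver(fw: StatefulFirewall, av: SignatureScanner, pkt: Packet) -> str:
    if not fw.admit(pkt):
        return "blocked by firewall"
    return av.scan(pkt.payload)

# Constructed sample data: one sample the definitions know, one "new variant",
# and a documentation-range address standing in for a malicious site.
KNOWN_SAMPLE = b"constructed known malware sample"
NEW_VARIANT = b"constructed new variant not yet in the definitions"
BAD_HOST = "203.0.113.5"

def simulate() -> dict:
    fw = StatefulFirewall()
    av = SignatureScanner([signature(KNOWN_SAMPLE)])
    results = {}
    # 1. Unsolicited inbound probe: dropped at the firewall, scanner never sees it.
    results["unsolicited"] = deliver(fw, av, Packet(BAD_HOST, "me", "in", KNOWN_SAMPLE))
    # 2. The user clicks a malicious link: the outbound request opens the return path.
    fw.admit(Packet("me", BAD_HOST, "out"))
    results["known_after_click"] = deliver(fw, av, Packet(BAD_HOST, "me", "in", KNOWN_SAMPLE))
    # 3. Same click, but the payload is a variant the definitions lack: it gets in.
    results["variant_after_click"] = deliver(fw, av, Packet(BAD_HOST, "me", "in", NEW_VARIANT))
    # 4. After a definitions update the same variant is caught ("playing catch-up").
    av.definitions.add(signature(NEW_VARIANT))
    results["variant_after_update"] = deliver(fw, av, Packet(BAD_HOST, "me", "in", NEW_VARIANT))
    return results
```

Step 3 is the point of the section: once the user has started the connection, the firewall has nothing to say, and an out-of-date database lets the variant through.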

So now you realise that your protection can never be absolute, let's look at what you can do to make it as effective as possible .....

Follow safe online browsing habits.

Keep Windows and your programs up to date.

Use a firewall.

Use an Anti-Virus and an Anti-Malware program.

Minimise your chances of visiting infected sites.

Control the sites that can use scripting on your browser.

Use a Sandbox when browsing.

Follow safe online browsing habits - browsing with caution is the single biggest thing you can do to reduce your chances of contracting an infection. You can fit every protective system under the sun, but if you act like an idiot online then sooner or later you will contract an infection. So take some responsibility for your behaviour and give yourself a much better chance of staying uninfected.

Keep Windows and your programs up to date - once a month on the 2nd Tuesday of the month Microsoft release a series of "patches" to resolve problems and security vulnerabilities that have been found for the various versions of Windows. It is important that you install any security related patches. For most people the simplest way to do this is to enable Automatic Updates in Windows. Alternatively experienced computer users can opt to have Windows prompt them when patches are available.

Below are links to guides for how to set up Automatic Updates for the various versions of Windows.

As well as Windows, it is important to keep your other programs up to date. Old versions of Java, Flash, your browser, and a whole lot of others can be exploited, so it is important you have the latest versions installed on your computer.

To make the job easier for you Secunia have an online scanner which will scan your computer for any out-of-date programs and notify you which they are so that you can update them.

Use a firewall - all the later versions of Windows (XP, Vista, Windows 7) come with a firewall, so make sure it is switched on. Most people now also connect to the internet via a modem or router which will also act as a hardware firewall.

However most people leave their router with the manufacturer's default settings. This is not secure. The default SSIDs (Usernames) and Passwords for a great many routers are well known to hackers, and many can be looked up online at sites like THIS.

THIS article gives some good advice on how to make your Wi-Fi connection more secure. I recommend you read through it, and that at the very minimum you should change your router's password. There is a step by step example of how to do so HERE.

Generally the combination of a hardware firewall and the inbuilt Windows firewalls will be sufficient to guard your ports, however you can expand the functionality of your firewalling by installing a 3rd party firewall and using that instead of the inbuilt Windows firewalls. There is a list of free 3rd party firewalls in the section .... Links to free security applications and online scanners.

Vista and Windows 7 also have UAC (Universal Access Control) fitted. UAC is what is known as a process firewall. UAC only allows processes to run on your computer if they have been given permission, it is a really valuable addition to your computer's security and should never be switched off. Yes the pop-up requests for permission can be a little irritating sometimes, but believe me they shade into insignificance compared to the irritation and inconvenience you will suffer having to deal with a full blown infection.

Most UAC alerts will be as a result of something you are doing, they are expected and it is a simple matter to allow them, but if one flashes up that you were not expecting, then read carefully what the alert says and if you're not sure then disallow it. You may just have saved yourself a whole bundle of grief.

Use an Anti-Virus and an Anti-Malware program - viruses and malware are not the same thing, and the programs used to detect and protect against them operate in significantly different ways, so it is important that you have one of each installed on your computer.

Installing more than one of each will cause conflicts and will result in less not more protection.

Because viruses and malware are constantly evolving it is essential that you keep your anti-virus and anti-malware programs updated to the latest definitions. You are much more likely to contract one of the newer infections that is "doing the rounds" than an older infection variety. An out-of-date AV or AS program, or a program using out-of-date definitions, is not going to protect you. Most of the reputable programs have settings to allow them to update automatically; use them. If the program you use does not allow auto-updating, then you should update it manually on a daily basis.

Control the sites that can use scripting on your browser - by disabling the use of scripts within your browser you can significantly reduce the chances of contracting a "drive-by" infection. Unfortunately this also has the effect of disabling the functionality of a great many legitimate website applications, and for this reason it is not an option that most people would choose to use.

For users of Firefox however there is a compromise.

NoScript is an add-on extension to Firefox, which permits you to allow or deny the use of scripts on a site by site basis. The default condition for all sites is to block scripts, and you then add sites you know and trust to a "whitelist" so that scripts are allowed when you visit those sites.

The advantage of this method is that when browsing to an unknown site you are protected from scripting exploits, but once you have determined that the site is safe, with a couple of clicks or so you can enable scripts and access the full functionality of the site.

Use a Sandbox when browsing - sandboxing is a system in which your browser (or other programs) runs within a virtual environment. Any changes made while using the sandbox are confined within the sandbox. So if you come across something malicious when browsing, then any alterations it may make to your computer are restricted within the sandbox environment, and when you close the sandbox those alterations are deleted.

Sandboxes are not 100% secure, and it is possible for some infections to "break out" of them, which is why it is important not to rely on them as your sole means of protection. However if used sensibly they can significantly add to your protection when browsing.

Making regular backups should be a part of everyone's computer practice. Most of you will have files on your computer that you do not want to lose, but I would not be at all surprised if a great many of you reading this article have never taken the time to make a backup copy of those files.

How would you cope if your computer suffered a major hardware failure, or you contracted an infection that made your computer unbootable, or required you to perform a re-format of your hard drive?

Yet making a backup of your files is so easy; most versions of Windows have inbuilt backup facilities (XP Home requires they be added from the installation disk), which in most versions of Windows can be set to run a backup schedule automatically.

Site Evaluation Programs - these are by no means infallible usually due to the means used to evaluate a site, which can sometimes be unreliable or manipulated by unscrupulous "voters". However for the most part they do give a valuable indication of the "bad" sites so you can either avoid them, or take care if you choose to visit them.

Please Note: - Many free security programs come with the Ask-Toolbar; this is usually pre-checked in the default installation. There will usually be an option not to install it; we strongly recommend you take that option and do NOT install the Ask-Toolbar.

_________________
Gary R
Administrator at Malware Removal University